Symptoms

You need to troubleshoot Java instances on the vRealize Operations Manager vApp

Purpose

This article provides steps to run the Java Monitoring and Management Console so that you can remotely troubleshoot Java instances running in VMware vRealize Operations Manager (formerly known as vCenter Operations Manager) 5.x using an ssh tunnel. These steps do not require modifications to the vApp or customer environment.

Note: The vRealize Operations Manager vApp does not have an X server and graphical interface.

Resolution

Note: The examples in this article use a UI virtual machine with an IP address of 192.168.1.85, and an Analytics virtual machine with an IP address of 192.168.1.86. Port 1500 is used as Socket Proxy.

To run the Java Monitoring and Management Console to troubleshoot Java instances:

To use ssh on Linux:

In the terminal, run the command:

# ssh -f -ND 1500 192.168.1.85 -l root

Enter the root password.

Open the Java Monitoring and Management Console by running this command:

Note: Port 1205 in the command below can be changed to connect to different processes. For example, use 1099 for ActiveMQ, 1203 for Collector, or 1201 for Web.

At the command prompt, open the Java Monitoring and Management Console by running this command:

Note: Port 1205 in the command below can be changed to connect to different processes. For example, use 1099 for ActiveMQ, 1203 for Collector, or 1201 for Web. Attempt connecting to ActiveMQ via 1099 to ensure connectivity is working before attempting subsequent connections.

Note: When troubleshooting is completed, disable SSH Port Forwarding by resetting AllowTcpForwarding from yes to no.

In vRealize Operations Manager (formerly known as vCenter Operations Manager) 5.8.0 and later versions, the initial connection fails with these errors:

ConnectionFailedSSL1ConnectionFailedSSL2

Two buttons are available, Insecure and Cancel. Click the Insecure button to allow the connection to proceed.

Impact/Risks

Because a Socket Proxy is used, there is a security risk if the Linux or Windows host used for establishing the tunnel is a multiuser machine. All users on the machine can connect to the vApp when the tunnel is established. However, this method is more secure than opening the firewall on the vApp for remote JConsole troubleshooting.

Update History

12/12/2013 - Added steps to allow SSH tunneling for JConsole Access

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.